General

  • Target

    MRSK0052447.exe

  • Size

    323KB

  • Sample

    230327-3khnmahg3y

  • MD5

    22703d73ef4ec763de5013db113d0bda

  • SHA1

    bf6a91179cc2108159728395597946a9df874ff3

  • SHA256

    bf3b3dbdeec58b9b018269cb0881f25708c1b0f0db5ed19228645e7e9ef00563

  • SHA512

    afdd9f1d92036fa2847d7dc90bbcf6c5e17fd7d34cbfd31c98968e711286e4ce41eba2767bec4d06f70f7b3239459dd3a5f64685067cec8a576f62f4954140c4

  • SSDEEP

    6144:MicFydAzxivUmv5reUOP/qHbuGkOyTysmV1f04/Vwu0FcYjaBOy/iJ:P+VivU0CKb4OcmffVwJFcC+/i

Score
10/10
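A practitioner pulling this report will usually want to confirm that the file on their own disk is the same object the sandbox analysed before trusting the verdict above. The script below, an added example rather than anything from the sandbox vendor, recomputes MD5, SHA1, SHA256 and SHA512 in a single pass over the file and compares them with the digests listed in this report. The digest values are copied from the page; the path argument and the `verify_file`/`matches_report` function names are this example's own, and the bytes it hashes when run without a path are a constructed placeholder, not the sample.

```python
"""Recompute the digests listed in the report and compare them to the file on disk.

Added example: not part of the sandbox report. The expected values below are
the ones printed on the page for MRSK0052447.exe; everything else is assumed.
"""
import hashlib
import io
import sys
from pathlib import Path

# Indicators copied from the report (Target: MRSK0052447.exe, 323KB).
REPORTED_DIGESTS = {
    "md5": "22703d73ef4ec763de5013db113d0bda",
    "sha1": "bf6a91179cc2108159728395597946a9df874ff3",
    "sha256": "bf3b3dbdeec58b9b018269cb0881f25708c1b0f0db5ed19228645e7e9ef00563",
    "sha512": "afdd9f1d92036fa2847d7dc90bbcf6c5e17fd7d34cbfd31c98968e711286e4ce"
              "41eba2767bec4d06f70f7b3239459dd3a5f64685067cec8a576f62f4954140c4",
}


def digest_stream(stream, chunk_size=1 << 20):
    """Hash a file-like object once, feeding each chunk to all four hashers.

    Returns (digests, size_in_bytes). Reading in chunks keeps memory flat for
    large files; one pass avoids re-reading the sample per algorithm.
    """
    hashers = {name: hashlib.new(name) for name in REPORTED_DIGESTS}
    size = 0
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        size += len(chunk)
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}, size


def digest_bytes(data):
    """Convenience wrapper for in-memory data (used by the self-test)."""
    return digest_stream(io.BytesIO(data))


def compare(computed, expected):
    """Per-algorithm match table; hex digests are compared case-insensitively."""
    return {
        algo: computed.get(algo, "").lower() == value.lower()
        for algo, value in expected.items()
    }


def matches_report(data, expected=REPORTED_DIGESTS):
    """True only if every digest listed in the report matches the given bytes."""
    computed, _ = digest_bytes(data)
    return all(compare(computed, expected).values())


def verify_file(path, expected=REPORTED_DIGESTS):
    """Hash a file on disk and return (match_table, size)."""
    with Path(path).open("rb") as fh:
        computed, size = digest_stream(fh)
    return compare(computed, expected), size


if __name__ == "__main__":
    if len(sys.argv) > 1:
        table, size = verify_file(sys.argv[1])
        print(f"{sys.argv[1]}: {size} bytes")
    else:
        # Constructed placeholder input so the script runs without the sample.
        digests, size = digest_bytes(b"abc")
        table = compare(digests, REPORTED_DIGESTS)
        print(f"(placeholder input) {size} bytes")
    for algo, ok in table.items():
        print(f"  {algo:6} {'match' if ok else 'MISMATCH'}")
    sys.exit(0 if all(table.values()) else 1)
```

Run it as `python verify_hashes.py MRSK0052447.exe` (file name assumed); a non-zero exit means at least one digest differs from the report, in which case the signature list below describes a different file and should not be applied to yours. Any single matching digest is not enough on its own; the SHA256 or SHA512 is the one to rely on, since MD5 and SHA1 collisions can be manufactured.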

Malware Config

Targets

    • Target

      MRSK0052447.exe

    • Guloader,Cloudeye

      GuLoader (also tracked as CloudEyE): a shellcode-based downloader first seen in 2020.

    • Checks QEMU agent file

      Checks for the presence of the QEMU guest agent on disk, likely to detect virtualization.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence.

    • Loads dropped DLL

      Loads a DLL that the sample itself wrote to disk during the run.

    • Suspicious use of NtCreateThreadExHideFromDebugger

      Creates a thread with the hide-from-debugger flag set, a common anti-debugging technique.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calls NtSetInformationThread with ThreadHideFromDebugger so an attached debugger stops receiving events for that thread.

    • Suspicious use of SetThreadContext

      Rewrites another thread's register context, commonly used to redirect execution during process injection.

MITRE ATT&CK Enterprise v6

Tasks